To all those fans of this insecure functionality (which I'm glad is now turned off by default) , you can just use extract() to achieve a similar goal more securely (unless you overwrite local variables with $_GET or $_POST data).

Beware that all the solutions given in the comments below for emulating register_global being off are bogus, because they can destroy predefined variables you should not unset. For example, suppose that you have

<?php $_GET['_COOKIE'] == 'foo'; ?>

Then the simplistic solutions of the previous comments let you lose all the cookies registered in the superglobal "$_COOKIE"! (Note that in this situation, even with register_global set to "on", PHP is smart enough to not mess predefined variables such as $_COOKIE.)

A proper solution for emulating register_global being off is given in the FAQ, as stated in the documentation above.

/* Forces all GET and POST globals to register and be magically quoted. * This forced register_globals and magic_quotes_gpc both act as if * they were turned ON even if turned off in your php.ini file. * * Reason behind forcing register_globals and magic_quotes is for legacy * PHP scripts that need to run with PHP 5.4 and higher. PHP 5.4+ no longer * support register_globals and magic_quotes, which breaks legacy PHP code. * * This is used as a workaround, while you upgrade your PHP code, yet still * allows you to run in a PHP 5.4+ environment. * * Licenced under the GPLv2. Matt Kukowski Sept. 2013 */

I had a look at the post from Dice, in which he suggested the function unregister_globals(). It didn't seem to work - only tested php 4.4.8 and 5.2.1 - so I made some tweaking to get it running. (I had to use $GLOBALS due to the fact that $$name won't work with superglobals).

While we all appreciate the many helpful posts to get rid of register_globals, maybe you're one of those who just loves it. More likely, your boss says you just have to live with it because he thinks it's a great feature.

To expand on the nice bit of code Mike Willbanks wrote and Alexander tidied up, I turned the whole thing in a function that removes all the globals added by register_globals so it can be implemented in an included functions.php and doesn't litter the main pages too much.